[Samba] Samba 4.5 y opensuse42.1
Vinicius Bones Silva
vbs at e-trust.com.br
Mon Oct 31 14:39:31 UTC 2016
Hi,
The ldapsearch message is because you can't connect by plain text (-x) by default .
Try using https, that should do it.
Does smbclient -L SERVERDOM -U Administrator work? Or does it give
NT_STATUS_LOGON_FAILURE as well?
if you increase the log level, do you see "Unable to convert SID (S-1-X-XXX) at index
X in user token to a GID." in your log files?
Em 31/10/2016 12:17, Informatico Neurodesarrollo via samba escreveu:
> Any body here?; some body can help me ?.
>
>
> T.I.A.
>
> El 25/10/16 a las 16:24, Informatico Neurodesarrollo via samba escribió:
>> Hi friends:
>> I was installed Samba4 ver 4.5 on openSuSE 42.1 Leap, the smb.conf is:
>>
>> # Global parameters
>> [global]
>> netbios name = SERVERDOM
>> realm = POLRMVAR.MTZ.SLD.CU
>> workgroup = POLRMVAR
>> dns forwarder = 10.44.0.5
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
>> ntp_signd, kcc
>>
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/polrmvar.mtz.sld.cu/scripts
>> read only = No
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>>
>> [home]
>> comment = Directorios Personales
>> path = /home/usuarios
>> read only = No
>>
>> Kerberos are work fine
>>
>> krb5.conf:
>>
>> [libdefaults]
>> default_realm = DOMINIO.MTZ.SLD.CU
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> default_ccache_name = KEYRING:persistent:%{uid}
>>
>>
>> When I run this command while config my samba:
>>
>> #net rpc rights grant 'DOMINIO\Domain Admins' SeMachineAccountPrivilege \
>> SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege \
>> SeRemoteShutdownPrivilege -UAdministrator
>>
>> and all work fine.
>>
>> but when I run this other to check rights:
>>
>> # net rpc rights list accounts –UAdministrator
>> Enter informatico's password:
>> Could not connect to server 127.0.0.1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>>
>> I don't know where to look?, this is Problem #1
>>
>> The other:
>>
>> server:#ldapsearch -x -h servidor -s base -D
>> CN=Administrator,CN=Users,CN=DOMINIO,DC=MTZ,DC=SLD,DC=CU -W
>> Enter LDAP Password:
>> ldap_bind: Strong(er) authentication required (8)
>> additional info: BindSimple: Transport encryption required.
>>
>>
>> I was looking around about the problem , I wish improve the security on my server, not
>> lack it.
>>
>> Any suggestion are welcome.
>>
>> T.I.A
>>
>>
>
--
Vinicius Silva
SOC
BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva
Smiley face
www.e-trust.com.br <http://www.e-trust.com.br/>
Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou
informações contidas nesta mensagem não necessariamente refletem a posição oficial da
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.
This message may contain privileged and confidential information for the use of the
intended recipients only. If you are not an intended recipient then you should not
disseminate, copy, or take any action based on its contents. If you have received this
message in error then please notify E-TRUST by sending an e-mail message to
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not
necessarily reflect the position of E-TRUST. If this message is digitally signed, its
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at
www.e-trust.com.br.
More information about the samba
mailing list